To create the malicious app, the BBC was helped by Chris Wysopal, co-founder and technology head at security firm Veracode.

Speaking about the experiment, Simeon Coney, from AdaptiveMobile, said: "In the PC domain the only way a criminal can generally take money from a user is by having them click on a web link, go to a website, purchase a product and enter their credit card details.

"In a mobile network the device is intrinsically linked to a payment plan, to a user's credit.

"Nothing happens on a mobile network, no call is made or text is sent, without money changing hands."

App woes

The piece of malware was hidden in a "crude game". Personally, we have had a lot of fun playing noughts and crosses but we get where the BBC is going with this, and it does highlight potential problems of what could happen when Joe Public starts creating its own apps.